Testing (to please myself) Live Mode User

Support
4

Separate /boot partition?

/boot in separate partition not covered. Tested just now. Created a file /boot/test which persisted after boot. Therefore also not covered because these are symlinks to /boot.

  • /initrd.img
  • /initrd.img.old
  • /vmlinuz
  • /vmlinuz.old

/home/user/test and /etc/test was gone after reboot.

Probably also not covered:

  • Partition management tools such as gparted.
  • Changes to partition table.
  • Changes to bootloader (grub-install).

sudo update-grub and sudo update-initramfs -u do not work in live mode. These shouldn’t result in modifications on the disk.

Encryption might make analysis harder but goal is to make that work of course too.

Good, because if the disk gets (auto) mounted and modified, then of course checksums would be different. Since encrypted however, I don’t think there could be any auto mounting. Well, except for /boot but I haven’t heard of any auto mount + auto modifications.

Reproduce the issue without involving the grub-live package for simplicity and to get access to upstream support.

grub-live is just a means to easily setup existing functionality created by upstream.

At time of writing it installs the following packages as per debian/control file:

live-boot live-boot-initramfs-tools live-tools

Most importantly, installs this file:

/etc/grub.d/11_linux_live

And eventually, file debian/grub-live.postinst effectively results in running:

sudo update-grub

That’s it. For anything more, try contacting upstream.

It has to be scripted of course. That reduces the manual labor. Replaces impossible manual labor with medium difficulty scripting. It’s been done. [1]

Maybe “just” the “apt-update” broke it as said above. Because if you create/modify a file in /etc/ or /home/user/ folders in live mode, these are gone after reboot, right?

vbindiff might give insights.

[1] analyze_image was previously used to reduce non-determinism (related to reproducible builds / verifiable builds) in two different Whonix builds. It creates all the sha512sum files and more in a report folder. When running this twice (for different images), these can be compared (such as using meld and/or kdiff3).

analyze_image requires an unencrypted image. cryptsetup luksOpen would probably suffice.